My app has a facebook canvas version at apps.facebook.com/fizzpoints.
The unity3d file is hosted at www.fizzpoints.com.
The app makes API calls to development.fizzpoints.com.
My app and API calls work fine on my tests with Android. They also work in the editor when the build settings are set to webplayer, which I understand to be emulating the same security policy as the actual webplayer.
However, in the facebook canvas, they don't work. I get the following error (I have some of this information because I installed the logviewer http://www.dreammakersgroup.com/products-2/unity3d-in-game-logs/).
> NotSupportedException: https://development.fizzpoints.com/api/users/adminmessage //same for my other endpoints as well> System.Net.WebRequest.GetCreator(System.String prefix)> System.Net.WebRequest.Create(System.Uri requestUri)> System.Net.WebRequest.Create(System.String requestUriString)
That is one of my endpoints, but it works fine in the editor with webplayer selected, as do all my other endpoints.
I followed the directions in the debugging section of this resource (http://docs.unity3d.com/Manual/SecuritySandbox.html) to see my logs. In the editor, even though the API calls work, I do get an error.
> CheckingSecurityForUrl:> https://development.fizzpoints.com/api/users/fblogin> CheckingSecurityForUrl:> https://development.fizzpoints.com/crossdomain.xml> ERROR building certificate chain:> System.ArgumentException: certificate> ---> System.Security.Cryptography.CryptographicException:> Unsupported hash algorithm:> 1.2.840.113549.1.1.12 at Mono.Security.X509.X509Certificate.VerifySignature> (System.Security.Cryptography.RSA rsa)> [0x00000] in :0 > at> Mono.Security.X509.X509Certificate.VerifySignature> (System.Security.Cryptography.AsymmetricAlgorithm> aa) [0x00000] in :0 > at> System.Security.Cryptography.X509Certificates.X509Chain.IsSignedWith> (System.Security.Cryptography.X509Certificates.X509Certificate2> signed,> System.Security.Cryptography.AsymmetricAlgorithm> pubkey) [0x00000] in unknown>:0 at> System.Security.Cryptography.X509Certificates.X509Chain.Process> (Int32 n) [0x00000] in unknown>:0 at> System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain> (X509ChainStatusFlags flag) [0x00000]> in :0 at> System.Security.Cryptography.X509Certificates.X509Chain.Build> (System.Security.Cryptography.X509Certificates.X509Certificate2> certificate) [0x00000] in unknown>:0 --- End of inner> exception stack trace --- at> System.Security.Cryptography.X509Certificates.X509Chain.Build> (System.Security.Cryptography.X509Certificates.X509Certificate2> certificate) [0x00000] in unknown>:0 at> System.Net.ServicePointManager+ChainValidationHelper.ValidateChain> (Mono.Security.X509.X509CertificateCollection> certs) [0x00000] in unknown>:0 Please, report this> problem to the Mono team
According to this resource (http://msdn.microsoft.com/en-us/library/ff635603.aspx), algorithm 1.2.840.113549.1.1.12 is sha384RSA, but my certificate issuer (Comodo) assures me that the only possible algorithm used was SHA256 (presumably algorithm 1.2.840.113549.1.1.11).
Subsequent calls to the same and other endpoints do not result in an error, just the single line:
> CheckingSecurityForUrl: https://development.fizzpoints.com/api/users/adminmessage
**Additional Info**
As you may have noticed, I'm making my calls with the HTTPWebRequest class. I'm not using unity's WWW class because I need to be able to change request headers, which, if it is possible, eluded me when I experimented with the class.
My SSL configuration file on my server contains the following 2 lines:
> SSLProtocol all -SSLv2 >> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
Are any of those directives causing trouble for Unity?
↧